1. What is this Privacy Policy about? Narrowin GmbH (hereinafter also "we", "us") collects and processes personal data concerning you or other persons (so-called "third parties"). We use the term "data" synonymously with "personal data".
"Personal data" refers to data relating to an identified or identifiable person, i.e., data that allows conclusions to be drawn about their identity based on the data itself or with corresponding additional data. "Particularly sensitive personal data" is a category of personal data that is specially protected by applicable data protection law. Particularly sensitive personal data includes, for example, data revealing racial and ethnic origin, health data, information about religious or philosophical beliefs, biometric data for identification purposes, and information about trade union membership. In Section 3, you will find information about the data we process under this Privacy Policy. "Processing" means any handling of personal data, e.g., collection, storage, use, adaptation, disclosure, and deletion. In this Privacy Policy, we describe what we do with your data when you use https://narrowin.de/ or https://narrowin.ch/, other websites, apps, or services (hereinafter collectively "Website"), purchase our services or products, are otherwise in contact with us in the context of a contract, communicate with us, or otherwise have dealings with us. If applicable, we will inform you through timely written notification of additional processing activities not mentioned in this Privacy Policy. If you provide us with data about other persons such as work colleagues, etc., we assume that you are authorized to do so and that this data is correct. By providing data about third parties, you confirm this. Please also ensure that these third parties have been informed about this Privacy Policy. This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA"), and the revised Swiss Data Protection Act ("revDPA"). However, whether and to what extent these laws apply depends on the individual case.
2. Who is responsible for processing your data? Under data protection law, Narrowin GmbH, Gerberstrasse 4, 4410 Liestal ("Narrowin GmbH"), is responsible for the data processing activities described in this Privacy Policy, unless otherwise communicated in individual cases.
For each data processing activity, there are one or more entities that are responsible for ensuring that the processing complies with data protection law requirements. This entity is called the Controller. For example, it is responsible for answering access requests (Section 11) or ensuring that personal data is secured and not used improperly. Other entities may also be jointly responsible for the data processing activities described in this Privacy Policy if they participate in decisions about the purpose or design of the processing. If you would like information about the individual controllers for a specific data processing activity, you may request this information from us as part of your right of access (Section 11). Narrowin GmbH remains your primary contact, even if other joint controllers exist. In Sections 3, 7, and 12, you will find additional information about third parties with whom we work and who are themselves responsible for their processing activities. For questions or to exercise your rights vis-à-vis these third parties, please contact them directly. You can reach us for your data protection concerns and to exercise your rights according to Section 11 as follows:
narrowin GmbH Gerberstrasse 4 CH-4410 Liestal info@narrowin.ch
3. What data do we process? We process various categories of data about you. The main categories are as follows:
Technical data: When you use our website or other electronic offerings, we collect the IP address of your device and other technical data to ensure the functionality and security of these offerings. This data also includes logs that record the use of our systems. We generally retain technical data for 12 months. To ensure the functionality of these offerings, we may also assign you or your device an individual code (e.g., in the form of a cookie, see Section 12). Technical data alone does not generally allow conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls, or the processing of contracts, it may be linked with other data categories (and thus possibly with your person).
Technical data includes, among other things, the IP address and information about the operating system of your device, the date, region, and time of use, as well as the type of browser you use to access our electronic offerings. This can help us deliver the correct formatting of the website or, for example, display a website tailored to your region. Based on the IP address, we know which provider you use to access our offerings (and thus also the region), but we usually cannot deduce who you are. This changes if, for example, you create a user account, as personal data can then be linked with technical data (e.g., we see which browser you use to access your account on our website). Examples of technical data also include logs that are generated in our systems (e.g., the log of user logins on our website).
Registration data: Certain offerings and services can only be used with a user account or registration, which can be done directly with us or via our external login providers. You must provide us with certain data, and we collect data about the use of the offering or service. Registration data may also be generated for access controls to certain facilities; depending on the control system, this may also include biometric data. We generally retain registration data for 24 months after the end of the use of the service or the deletion of the user account. Registration data includes, among other things, the information you provide when creating an account on our website (e.g., username, password, name, email). Registration data also includes data that we may require from you before you can use certain free services, such as name, email, and telephone number; in this case: name, address, contact details. You must also register if you want to subscribe to our newsletter. In the context of access controls, we may need to register you with your data (access codes in badges, biometric data for identification) (see the category "other data").
Communication data: When you contact us via the contact form, email, telephone, chat, letter, or other communication channels, we record the data exchanged between you and us, including your contact details and the metadata of the communication. If we record or listen to telephone calls or video conferences, e.g., for training and quality assurance purposes, we will specifically inform you. Such recordings may only be made and used in accordance with our internal guidelines. You will be informed whether and when such recordings take place, e.g., by a notice during the relevant video conference. If you do not wish to be recorded, please let us know or end your participation. If you only do not want your image to be recorded, please turn off your camera. If we want or need to verify your identity, e.g., when you make an access request, apply for media access, etc., we collect data to identify you (e.g., a copy of an ID). We generally retain this data for 12 months from the last exchange with you. This period may be longer if required for evidence purposes or to comply with legal or contractual requirements or for technical reasons. Emails in personal mailboxes and written correspondence are generally kept for at least 10 years. Recordings of (video) conferences are generally kept for 36 months. Chats are generally kept for 2 years. Communication data includes your name and contact details, the manner, place, and time of communication, and usually also its content (i.e., the content of emails, letters, chats, etc.). This data may also contain information about third parties. For identification purposes, we may also process your ID number or a password you have set.
Master data: We refer to master data as the basic data that we need in addition to contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, and information about your role and function, your bank account(s), your date of birth, customer history, powers of attorney, signing authorities, and declarations of consent. We process your master data if you are a customer or other business contact or act for such a person (e.g., as a contact person of the business partner), or because we want to contact you for our own purposes or those of a contractual partner (e.g., in the context of marketing and advertising, with invitations to events, with newsletters, etc.). We receive master data from you (e.g., when making a purchase or registering), from entities for which you work, or from third parties such as our contractual partners, associations, and address dealers and from publicly accessible sources such as public registers or the internet (websites, social media, etc.). We generally retain this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if required for evidence purposes or to comply with legal or contractual requirements or for technical reasons. For pure marketing and advertising contacts, the period is usually much shorter, usually no more than 3 years since the last contact. Master data includes, for example, data such as name, address, email address, telephone number, and other contact details, gender, date of birth, nationality, information about related persons, websites, social media profiles, photos and videos, copies of IDs; also information about your relationship with us (customer, supplier, visitor, service recipient, etc.), information about your status with us, assignments, classifications and distribution lists, information about our interactions with you (possibly a history thereof with corresponding entries), reports (e.g., from the media) or official documents (e.g., commercial register extracts, permits, etc.) that concern you. As payment information, we collect, for example, your bank account, account number, and credit card data. Consent or blocking notes are also part of the master data, as well as information about third parties, e.g., contact persons, recipients of services, advertising recipients, or representatives. For contact persons and representatives of our customers, suppliers, and partners, we process as master data, for example, name and address, information about role, function in the company, qualifications, and, if applicable, information about superiors, employees, and subordinates and information about interactions with these persons. Master data is not collected comprehensively for all contacts. Which data we collect in detail depends in particular on the purpose of the processing.
Contract data: These are data that arise in connection with the conclusion or processing of a contract, e.g., information about contracts and the services to be provided or provided, as well as data from the pre-contractual phase that are necessary or used for processing and information about reactions (e.g., complaints or information about satisfaction, etc.). We usually collect this data from you, from contractual partners, and from third parties involved in the processing of the contract, but also from third-party sources (e.g., providers of creditworthiness data) and from publicly accessible sources. We generally retain this data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer if required for evidence purposes or to comply with legal or contractual requirements or for technical reasons. Contract data includes information about the conclusion of the contract, about your contracts, e.g., type and date of conclusion, information from the application process (such as an application for our products or services), and information about the relevant contract (e.g., its duration) and the processing and management of the contracts (e.g., information in connection with invoicing, customer service, support with technical matters, and enforcement of contractual claims). Contract data also includes information about defects, complaints, and adjustments to a contract, as well as information about customer satisfaction, which we may collect through surveys. Contract data also includes financial data such as information about creditworthiness (i.e., information that allows conclusions to be drawn about the likelihood that claims will be settled), reminders, and debt collection. We receive this data partly from you (e.g., when you make payments), but also from credit agencies and debt collection companies and from publicly accessible sources (e.g., a commercial register).
Behavioral and preference data: Depending on our relationship with you, we try to get to know you and better tailor our products, services, and offerings to you. To do this, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we may also supplement this information with information from third parties – including from publicly accessible sources. Based on this, we can, for example, calculate the probability that you will use certain services or behave in a certain way. The data processed for this purpose is partly already known to us (e.g., when you use our services), or we obtain this data by recording your behavior (e.g., how you navigate our website). We anonymize or delete this data when it is no longer meaningful for the purposes pursued, which, depending on the type of data, is between 2 weeks and 36 months (for product and service preferences). This period may be longer if required for evidence purposes or to comply with legal or contractual requirements or for technical reasons. How tracking works on our website is described in Section 12. Behavioral data is information about certain actions, e.g., your reaction to electronic communications (e.g., whether and when you opened an email) or about your location as well as your interaction with our social media profiles and your participation in events. We may collect your location data, for example, when you use our website. We will inform you about the collection of anonymous movement profiles at the relevant locations by appropriate signs; we will only create a personalized movement profile with your consent. Preference data gives us information about your needs, which products or services might be of interest to you, or when and how you are likely to respond to messages from us. We obtain this information from the analysis of existing data such as behavioral data so that we can get to know you better, tailor our advice and offers more precisely to you, and generally improve our offers. To improve the quality of our analyses, we may link this data with other data that we also obtain from third parties such as address dealers, authorities, and publicly accessible sources such as the internet, e.g., with information about your employer. Behavioral and preference data can be evaluated on a personal basis (e.g., to show you personalized advertising), but also on a non-personal basis (e.g., for market research or product development). Behavioral and preference data can also be combined with other data (e.g., movement data can be used as part of a health protection concept for contact tracing).
Other data: We also collect data about you in other situations. In connection with official or court proceedings, for example, data is generated (such as files, evidence, etc.) that may also relate to you. For health protection reasons, we may also collect data (e.g., as part of protection concepts). We may receive or produce photos, videos, and audio recordings in which you may be recognizable (e.g., at events, through security cameras, etc.). We may also collect data about who enters certain buildings and when or has corresponding access rights (including access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns and when, or who uses our infrastructure and systems and when. Finally, we collect and process data about our shareholders and other investors; in addition to master data, this includes information for the relevant registers, regarding the exercise of their rights, and the conduct of events (e.g., general meetings). The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many security cameras and usually a few weeks for data for contact tracing, to visitor data, which is usually kept for 3 months, to reports on events with images, which can be kept for several years or longer. Data about you as a shareholder or other investor is retained in accordance with corporate law requirements, but in any case as long as you are invested.
Many of the data mentioned in this Section 3 are provided by you (e.g., via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g., in the context of binding protection concepts (legal obligations). If you want to conclude contracts with us or use services, you must also provide us with data as part of your contractual obligation under the relevant contract, in particular master, contract, and registration data. When using our website, the processing of technical data is unavoidable. If you want access to certain systems or buildings, you must provide us with registration data. However, you generally have the option to object to or not consent to behavioral and preference data.
Certain services are only available to you if you provide us with registration data, because we or our contractual partners want to know who is using our services or has accepted an invitation to an event, because it is technically necessary, or because we want to communicate with you. If you or a person you represent (e.g., your employer) wants to conclude or fulfill a contract with us, we must collect the relevant master, contract, and communication data from you, and we process technical data if you want to use our website or other electronic offerings for this purpose. If you do not provide us with the data required for the conclusion and processing of the contract, you must expect that we will refuse to conclude the contract, you will breach the contract, or we will not fulfill the contract. Likewise, we can only send you a response to a request if we process the relevant communication data and – if you communicate with us online – possibly also technical data. The use of our website is also not possible without us receiving technical data. Unless prohibited, we also obtain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, media, or the internet including social media) or receive data from authorities and other third parties (such as credit agencies, associations, contractual partners, internet analysis services, address dealers, etc.).
The categories of personal data that we receive from third parties about you include, in particular, information from public registers, information that we learn in connection with official and court proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process business with your employer with your help), information about you in correspondence and meetings with third parties, credit information (if we do business with you personally), information about you provided to us by people in your environment (family, advisors, legal representatives, etc.) so that we can conclude or process contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as fraud, money laundering, and terrorism prevention and export restrictions, information from banks, insurance companies, and sales and other contractual partners of ours regarding the use or provision of services by you (e.g., payments, purchases, etc.), information from the media and the internet about you (if indicated in the specific case, e.g., in the context of an application, marketing/sales, press review, etc.), your address and, if applicable, interests and other sociodemographic data (especially for marketing and research) and data in connection with the use of third-party websites and online offerings, where this use can be assigned to you.
4. For what purposes do we process your data? We process your data for the purposes explained below. Further information for the online area can be found in Sections 12 and 13. These purposes or the underlying objectives represent legitimate interests of ours and, if applicable, of third parties. You will find further information on the legal bases of our processing in Section 5. We process your data for purposes related to communication with you, in particular to respond to inquiries and to assert your rights (Section 11) and to contact you in case of queries. For this purpose, we use in particular communication data and master data and, in connection with the offerings and services you use, also registration data. We retain this data to document our communication with you, for training purposes, for quality assurance, and for queries.
This concerns all purposes in connection with which you and we communicate, whether in customer service or consulting, for authentication in the case of use of the website, or for training and quality assurance (e.g., in customer service). We also process communication data so that we can communicate with you by email and telephone, as well as messenger services, chat, social media. Communication with you usually takes place in connection with other processing purposes, e.g., so that we can provide services or respond to a request for information. Our data processing also serves as evidence of communication and its content. We process data for the initiation, management, and processing of contractual relationships.
We conclude contracts of various kinds with our business and private customers, with suppliers, subcontractors, or other contractual partners such as project partners or parties in legal disputes. In doing so, we process in particular master data, contract data, and communication data and, depending on the circumstances, also registration data of the customer or the persons to whom the customer provides a service. This includes, for example, recipients of our products or services who receive invitations from our customers and can thus themselves become our customers. In this case, we process data for the processing of the contract with these recipients, but also with the contractual partners who invited them. In the context of business initiation, personal data – in particular master data, contract data, and communication data – is collected from potential customers or other contractual partners (e.g., in an order form or contract) or results from communication. Data is also processed in connection with the conclusion of the contract to check creditworthiness and to establish the customer relationship. In some cases, this information is checked to comply with legal requirements. In the context of the processing of contractual relationships, we process data for the management of the customer relationship, for the provision and collection of contractual services (which also includes the involvement of third parties, such as logistics companies, security services, advertising service providers, banks, insurance companies, or credit agencies), for consulting and customer support. The enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.) is also part of the processing, as is accounting, termination of contracts, and public communication. We process data for marketing purposes and relationship management, e.g., to send our customers and other contractual partners personalized advertising for products and services from us and from third parties. This can be done, for example, in the form of newsletters and other regular contacts (electronically, by email, by post, by telephone), via other channels for which we have your contact information, but also as part of individual marketing campaigns (e.g., events, etc.) and may also include free services (e.g., invitations, etc.). You can object to such contacts at any time (see the end of this Section 4) or refuse or withdraw your consent to being contacted for advertising purposes. With your consent, we can target our online advertising on the Internet more specifically to you (see Section 12). Finally, we also want to enable our contractual partners to contact our customers and other contractual partners for advertising purposes (see Section 7).
For example, with your consent, we send you information, advertising, and product offers from us and from third parties (e.g., advertising partners), in print, electronically, or by telephone. For this purpose, we mainly process communication and registration data. Like most companies, we personalize communications so that we can send you individual information and offers tailored to your needs and interests. To do this, we link data that we process about you, determine preference data, and use this data as the basis for personalization (see Section 3). Relationship management also includes the – if applicable, personalized based on behavioral and preference data – approach to existing customers and their contacts. As part of relationship management, we may also operate a Customer Relationship Management system ("CRM") in which we store the data necessary for relationship management with customers, suppliers, and other business partners, e.g., about contact persons, relationship history (e.g., about products and services purchased or delivered, interactions, etc.), interests, wishes, marketing measures (newsletters, invitations to events, etc.), and other information. All these processing activities are important to us not only to advertise our offers as effectively as possible, but also to make our relationships with customers and other third parties more personal and positive, to focus on the most important relationships, and to use our resources as efficiently as possible. We also process your data for market research, to improve our services and operations, and for product development.
We strive to continuously improve our products and services (including our website) and to respond quickly to changing needs. For example, we analyze how you navigate our website or which products are used by which groups of people and in what way, and how new products and services can be designed (for more details, see Section 12). This gives us indications of the market acceptance of existing and the market potential of new products and services. For this purpose, we process in particular master, behavioral, and preference data, but also communication data and information from customer surveys, questionnaires, and studies, as well as other information, e.g., from the media, social media, the Internet, and other public sources. Where possible, we use pseudonymized or anonymized information for these purposes. We may also use media monitoring services or conduct media monitoring ourselves and process personal data in the process, in order to conduct media work or to understand and respond to current developments and trends. With your consent, we use non-anonymized location data to inform you about interesting offers and products nearby based on your position, to infer your interests from the location data (dwell time), and to inform you about which products and services other contractual partners with similar interests have used. We may also process your data for security purposes and access control.
We continuously check and improve the appropriate security of our IT and other infrastructure (e.g., buildings). Like all companies, we cannot completely rule out data security breaches, but we do our best to reduce the risks. We therefore process data, for example, for monitoring, controls, analyses, and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes, and as part of backups. Access controls include, on the one hand, control of access to electronic systems (e.g., logging in to user accounts), and on the other hand, physical access control (e.g., building access). For security purposes (preventive and for investigating incidents), we also keep access logs or visitor lists and use surveillance systems (e.g., security cameras). We inform you about surveillance systems at the relevant locations by appropriate signs. We process personal data to comply with laws, instructions, and recommendations from authorities and internal regulations ("compliance").
This includes, for example, the implementation of health and safety concepts or the legally regulated prevention of money laundering and terrorist financing. In certain cases, we may be required to carry out certain checks on customers ("Know Your Customer") or to report to authorities. The fulfillment of information, disclosure, or reporting obligations, e.g., in connection with supervisory and tax obligations, also requires or entails data processing, e.g., the fulfillment of archiving obligations and the prevention, detection, and investigation of criminal offenses and other violations. This also includes the receipt and processing of complaints and other reports, the monitoring of communication, internal investigations, or the disclosure of documents to an authority if we have sufficient reason or are legally obliged to do so. In the case of external investigations, e.g., by a law enforcement or supervisory authority or a commissioned private body, your personal data may also be processed. We also process data to look after our shareholders and other investors and to fulfill our obligations in this regard. For all these purposes, we process in particular your master data, contract data, and communication data, but also, where appropriate, behavioral data and data from the category of other data. The legal obligations may be under Swiss law, but also under foreign regulations to which we are subject, as well as self-regulation, industry standards, our own "corporate governance," and official instructions and requests. We also process data for our risk management purposes and as part of prudent corporate governance, including business organization and corporate development.
For these purposes, we process in particular master data, contract data, registration data, and technical data, but also behavioral and communication data. For example, as part of our financial management, we have to monitor our debtors and creditors, and we have to avoid becoming victims of crimes and abuses, which may require the evaluation of data for corresponding patterns. For these purposes and to protect you and us from criminal or abusive activities, we may also carry out profiling and create and process profiles (see also Section 6). As part of the planning of our resources and the organization of our operations, we have to evaluate and process data on the use of our services and other offers or exchange information about this with others (e.g., outsourcing partners), which may also include your data. The same applies to services provided to us by third parties. As part of corporate development, we may sell or acquire businesses, business units, or companies or enter into partnerships, which may also lead to the exchange and processing of data (including yours, e.g., as a customer or supplier or as a supplier representative). We may process your data for other purposes, e.g., as part of our internal processes and administration or for training and quality assurance purposes.
These other purposes include, for example, training and education purposes, administrative purposes (such as the management of master data, accounting and data archiving, and the review, management, and ongoing improvement of IT infrastructure), the protection of our rights (e.g., to assert claims in court, out of court, and before authorities in Switzerland and abroad or to defend ourselves against claims, e.g., by securing evidence, legal clarifications, and participation in legal or administrative proceedings), and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively.
5. On what basis do we process your data? If we ask you for your consent for certain processing activities (e.g., for the processing of marketing mailings, for advertising control and behavioral analysis on the website), we will inform you separately about the relevant purposes of the processing. You can withdraw your consent at any time with effect for the future by written notice (by post) or, unless otherwise specified or agreed, by email to us; our contact details can be found in Section 2. For withdrawing your consent to online tracking, see Section 12. If you have a user account, a withdrawal or contact with us may also be made via the relevant website or other service. Once we have received notice of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until withdrawal. Where we do not ask you for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, in particular to pursue the purposes and related measures described above in Section 4. Our legitimate interests also include compliance with legal regulations, insofar as these are not already recognized as a legal basis by the applicable data protection law (e.g., under the GDPR, the law in the EEA and Switzerland). This also includes the marketing of our products and services, the interest in better understanding our markets, and in managing and further developing our company, including its operations, securely and efficiently. If we receive sensitive data (e.g., health data, information on political, religious, or ideological views, or biometric data for identification), we may also process your data on other legal grounds, e.g., in the event of disputes due to the necessity of processing for a possible process or the assertion or defense of legal claims. In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.
6. What applies to profiling and automated individual decisions? We may automatically evaluate certain of your personal characteristics for the purposes mentioned in Section 4 based on your data (Section 3) ("profiling"), for example, if we want to determine preference data, but also to identify misuse and security risks, to carry out statistical evaluations, or for operational planning purposes. For the same purposes, we may also create profiles, i.e., we may combine behavioral and preference data, as well as master and contract data and technical data assigned to you, in order to better understand you as a person with your different interests and other characteristics.
If you are a customer of ours, we can, for example, use profiling based on your purchases to determine which other products are likely to interest you. We can also use it to check your creditworthiness before offering you a purchase on account. An automated evaluation of data can also check, for your protection, how likely it is that a particular transaction is fraudulent. This allows us to stop the transaction for clarification. "Profiles" are different from this. This refers to the linking of different data in order to gain indications of essential aspects of your personality from the entirety of this data (e.g., what you like or how you behave in certain situations). Profiles can also be used, for example, for marketing or security purposes. In both cases, we pay attention to the proportionality and reliability of the results and take measures against abusive use of these profiles or profiling. If these have legal effects or significant disadvantages for you, we generally provide for a manual review.
7. To whom do we disclose your data? In connection with our contracts, the website, our services and products, our legal obligations, or otherwise to protect our legitimate interests and the other purposes listed in Section 4, we also disclose your personal data to third parties, in particular to the following categories of recipients:
Contractual partners including customers: This primarily refers to customers (e.g., service recipients) and other contractual partners of ours, because this data transfer results from these contracts. For example, they receive registration data and invitations, etc. If you work for such a contractual partner, the processing of this contract may result in us informing the company, for example, how you have used our service.
Authorities: We may disclose personal data to offices, courts, and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us in their own responsibility. Examples include criminal investigations, police measures (e.g., health protection concepts, violence prevention, etc.), regulatory requirements and investigations, legal proceedings, reporting obligations, and pre- and out-of-court proceedings as well as legal information and cooperation obligations. Data may also be disclosed if we want to obtain information from public authorities, e.g., to justify an interest in information or because we have to state about whom we need information (e.g., from a register).
8. Will your personal data also be transferred abroad? As explained in Section 7, we also disclose data to other entities. These are not only located in Switzerland. Your data may therefore be processed both in Europe and in other countries; in exceptional cases, however, in any country in the world. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption. An exemption may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have consented, or if it concerns data that you have made generally accessible and whose processing you have not objected to.
Many countries outside Switzerland or the EU and EEA currently do not have laws that ensure an adequate level of data protection from the perspective of the FADP or the GDPR. The contractual arrangements mentioned can partially compensate for this weaker or missing legal protection. However, contractual arrangements cannot eliminate all risks (in particular, of government access abroad). You should be aware of these residual risks, even if the risk may be low in individual cases and we take further measures to minimize it. Please also note that data exchanged over the Internet is often routed via third countries. Your data may therefore also be transferred abroad even if the sender and recipient are in the same country.
9. How long do we process your data? We process your data as long as our processing purposes, the legal retention periods, and our legitimate interests in processing for documentation and evidential purposes require it or storage is technically necessary. Further information on the respective storage and processing duration can be found in the individual data categories in Section 3 or in the cookie categories in Section 12. Unless there are legal or contractual obligations to the contrary, we delete or anonymize your data after the storage or processing period has expired as part of our usual procedures.
Documentation and evidential purposes include our interest in documenting events, interactions, and other facts in the event of legal claims, disputes, IT and infrastructure security, and demonstrating good corporate governance and compliance. Technical retention may occur if certain data cannot be separated from other data and we therefore have to keep them together (e.g., in the case of backups or document management systems).
10. How do we protect your data? We take appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counteract the risks of loss, accidental alteration, unwanted disclosure, or unauthorized access.
Technical and organizational security measures may include, for example, measures such as encryption and pseudonymization of data, logging, access restrictions, storage of backups, instructions to our employees, confidentiality agreements, and controls. We protect your data transmitted via our website during transport using appropriate encryption mechanisms. However, we can only secure areas that we control. We also require our processors to take appropriate security measures. However, security risks can generally not be completely excluded; residual risks are unavoidable.
11. What rights do you have? The applicable data protection law grants you the right, under certain circumstances, to object to the processing of your data, in particular to that for the purposes of direct marketing, profiling carried out for direct advertising, and other legitimate interests in processing. To facilitate your control over the processing of your personal data, you have in connection with our data processing, depending on the applicable data protection law, also the following rights:
If you wish to exercise the above rights with respect to us, please contact us in writing, at our premises, or, unless otherwise specified or agreed, by email; our contact details can be found in Section 2. In order to exclude misuse, we need to identify you (e.g., with a copy of an ID, if this is not possible otherwise). Please note that there are conditions, exceptions, or limitations to these rights under the applicable data protection law (e.g., for the protection of third parties or business secrets). We will inform you accordingly, if necessary.
In particular, we may need to further process and store your personal data in order to fulfill a contract with you, to protect our own legitimate interests, such as the assertion, exercise, or defense of legal claims, or to comply with legal obligations. As far as legally permissible, in particular for the protection of the rights and freedoms of other data subjects as well as to safeguard legitimate interests, we may therefore also refuse a data subject request in whole or in part (e.g., by redacting certain content concerning third parties or our business secrets). If you are not satisfied with our handling of your rights or data protection, please let us know (Section 2). In particular, if you are in the EEA, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority in your country. The Swiss supervisory authority can be reached here: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.
12. Do we use online tracking techniques? On our website, we use various techniques that allow us and third parties engaged by us to recognize you during your use of the website and possibly track you over multiple visits. In this section, we inform you about it. Essentially, it is about us being able to distinguish your accesses (via your system) from accesses by other users, so that we can ensure the functionality of the website and make evaluations and personalizations. We do not want to draw conclusions about your identity, although we can do this if we or third parties engaged by us can identify you by combining with registration data. Even without registration data, the techniques used are designed in such a way that you are recognized as an individual visitor with each page call, for example by our server (or the servers of third parties) assigning you or your browser a specific recognition number (so-called "cookie").
Cookies are individual codes (e.g., a serial number) that our server or a server of our service providers or advertising partners transmits to your system when you connect to our website and that your system (browser, mobile) receives and stores until the programmed expiration date. With each subsequent access, your system transmits these codes to our server or the server of the third party. In this way, you are recognized, even if your identity is unknown. Whenever you access a server (e.g., when using a website or an app or because an image is integrated in an email, visible or invisible), your visits can be "tracked" (followed). If we integrate offers from an advertising partner or a provider of an analysis tool on our website, this partner can also track you in the same way, even if you cannot be identified in the individual case. We use such techniques on our website and allow certain third parties to do the same. Depending on the purpose of these techniques, we ask for your consent before they are used. You can program your browser to block, deceive, or delete certain cookies or alternative techniques. You can also expand your browser with software that blocks tracking by certain third parties. For more information, please refer to the help pages of your browser (usually under the keyword "Data Protection") or the websites of the third parties we list below. The following cookies (techniques with comparable functions such as fingerprinting are included here) are distinguished:
Specifically deployed tools:
Manage cookie settings:
You can adjust your cookie settings at any time through our cookie banner. Click here to open your cookie settings. You can individually decide for each category (Necessary, Analytics, Marketing) whether you want to allow or reject cookies.
13. Which data do we process on our pages on social networks? We may operate pages and other online presences on social networks and other platforms operated by third parties ("fan pages", "channels", "profiles", etc.) and there collect data about you as described in Section 3 and below. We receive this data from you and the platforms.
We receive data about you when you communicate with us via online presences or view our content, visit our online presences, or are active in them (e.g., publish content, leave comments). These platforms may also collect technical data, registration data, communication data, behavioral and preference data from you or about you (see Section 3 for the terms). These platforms regularly evaluate how you interact with us, how you use our online presences, our content, or other parts of the platform (what you view, comment on, "like", share, etc.) statistically and link this data with other information. In this way, they also create profiles about you and statistics on the use of our online presences. They use this data and profiles to display our or other advertising and content to you personalized on the platform and to control the behavior of the platform, but also for market and user research and to provide us and other parties with information about you and the use of our online presences. We can partially control the evaluations that these platforms create regarding the use of our online presences. We process this data for the purposes described in Section 4, in particular for communication, marketing purposes (including advertising on these platforms, see also Section 12), and market research. You will find information on the relevant legal bases in Section 5. Content published by you (e.g., comments on an announcement) can be redistributed by us (e.g., in our advertising on the platform or elsewhere). We or the platform operators can also delete or restrict content from or about you in accordance with the usage guidelines (e.g., inappropriate comments). Further information on the processing by the platform operators can be found in the privacy notices of the platforms. There you will also find out in which countries they process your data, what rights you have regarding information, deletion, and other matters, and how you can assert these rights or obtain further information. Currently, we use the following platforms: LinkedIn: Here we operate the page https://www.linkedin.com/company/narrowin/. The responsible party for the operation of the platform is the members organization of companies under the control of LinkedIn, for example: LinkedIn Ireland, LinkedIn Corporation, LinkedIn Singapore, and Microsoft Corporation. If you are in the countries of the European Union (EU), the European Economic Area (EEA), and Switzerland (CH), the responsible party for your personal data, which is provided to you by or for our services, is collected by these, or processed in connection with these, is LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”). If you are outside these countries, LinkedIn Corporation is the responsible party for the aforementioned processing of your personal data. Their privacy notices can be found at https://www.linkedin.com/legal/privacy-policy#others . Some of your data may be transmitted to the USA in the process. Regarding the data collected and processed when visiting our page for the creation of "Page analytics", we are jointly responsible with LinkedIn Ireland Ltd. Within the framework of Page analytics, statistics are created about what visitors do on our page (comment on posts, forward content, etc.). This is described at https://www.linkedin.com/help/linkedin/answer/a547077 . It helps us to understand how our page is used and how we can improve it. We only receive anonymous, aggregated data in this regard. Our responsibilities regarding data protection are regulated according to the information on https://legal.linkedin.com/pages-joint-controller-addendum .
14. Can this privacy policy be changed? This privacy policy is not part of a contract with you. We can adjust this privacy policy at any time. The version published on this website is the current version.
Last updated: November 10, 2025
